By Alice Chambers |
Cybercriminals are gaining access to networks by posing a legitimate employees, states Microsoft’s Incident Response team in its Cyberattack Series.
“This form of cyberattack involves operatives posing as legitimate remote hires, slipping past human resources checks and onboarding processes to gain trusted access,” says a spokesperson for Microsoft. “Once inside, they exploit corporate systems to steal sensitive data, deploy malicious tools, and funnel profits to state-sponsored programmes.”
Microsoft recommends combining strong security operations centre practices with insider risk strategies to close the detection gap that threat actors exploit. Microsoft Purview Insider Risk Management, for example, can help organisations identify risky behaviours before they escalate.
Read more: Microsoft on how fake people can gain very real access
The Cyberattack Series is an opportunity for Microsoft to share notable security investigations and findings with its customers, showing how breaches occur, are detected and remediated, along with strategies to prevent similar incidents.